netsupport | hxxp://geo[.]netsupportsoftware[.]com/location/loca[.]asp

Analysis

max time kernel
125s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://geo.netsupportsoftware.com/location/loca.asp

Score

10^/10

netsupport discovery rat

Malware Config

Signatures

NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
rat netsupport
Netsupport family
netsupport

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_5856_743296330\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_454003076\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_454003076\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_454003076\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_454003076\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_750274790\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_750274790\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_750274790\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_750274790\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5856_642464596\_locales\te\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873830842502878"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{3BA0F6F1-41AF-46C4-ABE5-343AB6BBB2CE}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5856 wrote to memory of 336	5856	msedge.exe	86
PID 5856 wrote to memory of 336	5856	msedge.exe	86
PID 5856 wrote to memory of 392	5856	msedge.exe	87
PID 5856 wrote to memory of 392	5856	msedge.exe	87
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 2476	5856	msedge.exe	88
PID 5856 wrote to memory of 208	5856	msedge.exe	89
PID 5856 wrote to memory of 208	5856	msedge.exe	89
PID 5856 wrote to memory of 208	5856	msedge.exe	89
PID 5856 wrote to memory of 208	5856	msedge.exe	89
PID 5856 wrote to memory of 208	5856	msedge.exe	89
PID 5856 wrote to memory of 208	5856	msedge.exe	89
PID 5856 wrote to memory of 208	5856	msedge.exe	89
PID 5856 wrote to memory of 208	5856	msedge.exe	89
PID 5856 wrote to memory of 208	5856	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://geo.netsupportsoftware.com/location/loca.asp
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2b8,0x7ffef90ef208,0x7ffef90ef214,0x7ffef90ef220
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1980,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2332,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2484,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3508,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5016,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4904,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4872,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=4000 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5688,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5688,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1772,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4868,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6308,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5776,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6428,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5792,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6724,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6092,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6944,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6996,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6320,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=6868 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=7496 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7560,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=7612 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=5248,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5228,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4884,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5956,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=3972 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5348,i,9842810896753643953,12639967273451716571,262144 --variations-seed-version --mojo-platform-channel-handle=7532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5856_454003076\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5856_750274790\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5856_750274790\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
aca5c6b0c227d80290082783c924b0ac

SHA1
7f4872b73701944f6d234bf6f3bff606fb974a0f

SHA256
f53d324edc6d5b0f752bda13323d8dabe7b5787a4c1a1e4c14619996dc13933f

SHA512
e294ed0bb69c040950ec2d956a4de7f5f8724fc91c956c35e1b1af024ece4f4cf1cd57593035292bdbe0784929e64f3cbf9b9913c1ea4a9a41d348de233ddd9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe584c08.TMP

Filesize
3KB

MD5
85c03894b6bc2231e1b452096121f925

SHA1
4e5ac6ecf22e8c0f5ab556f2b1aa236c763ff640

SHA256
9d70d734611a38ec0a9abac76059b114bf3d53edb25ffb064643f8a5228b3226

SHA512
a53df901169720c4c0c13cf2aaecd0166ecbfad284cd2562858aa4991671608330e65f04d5b219bda692c1a23df093be26e9393ad9331df0ae1eee4cf6eec2d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
92d05b477ebfcbdae2fffe11f5fdf273

SHA1
001461b4f3a7b8e4b36ab0c601732e9dd3b0d13d

SHA256
de9cb726eb2c2a7560f2dbdc8fca747de17018b4ffb3b3b96223ce423aa115e0

SHA512
94b28052096046f9a97a77c0b8b6f44c9455e5102c4871759a6c365e3f69901b6882453034bb1eb93a66c9fbcb9dd424fde7895d17c6d5a51514893387c43ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
76bd302567ab745de51d8c138509d0b1

SHA1
048ce4c7370b2e60aff87a35e20454fe30f01c1d

SHA256
5b1f382be45a85947a721b56528be0ea5987657ebb7deee77087ca745ff25abb

SHA512
58daf2656ac6919c0cb72c2d26e052ea158842dc9fe32fb04d4fe71ebad7fe2e1341095415b73a0cfa8e9f7d108ab86f14d5ad13ed25d97248e9bcacbf9de233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
2e5ff807f6a28753103b1cd6eac88169

SHA1
1f9291f39f7d04f011cacbc9314d27f4fb270aba

SHA256
8479196013231efeda82a7b45e0ac0a202a4863ee98693e63db912f3f0f266ba

SHA512
285646044f47b983679347bff467a10b4a4d0a80989d8afc38487ed153141f43cf857da485d9d08be63b9da6c43f596dc0d19315b308dd91cc798bcc3dbecc6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
469b7a92a85c7d544cdf01ac22afb44e

SHA1
e115337cdb1b9cbeb7c9de663b286112d26b9f6e

SHA256
d74f23c220487927b3a52af0734f4408807d23eddcaa05f413f07d4a15c90215

SHA512
8992200dd976b86c460529d8fcfe063b930e4ee7a1f2df3371f41b1474de77a2933e8bca29acca9fb9a67d8f4d0a3975ceb0477d16f804dea10d81f6edc944fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
1e2a8ed8d91dfeb26233980255c2086a

SHA1
7a006e4a456da53467d9a1a85226f3f6c07b8993

SHA256
16120a2cf1e0f16c379a0a7951efac391929cf72ca77fa9fc45a18280df6ba65

SHA512
f3b6403537ae34cc47d1caf022807ad2c65d1c66eba118bf4ecca99ec05575990d4e5297dcdf537a0326603ad192af42e027694726b698c76125be4543882c6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\0efd31c0-f999-4870-a42f-6079b719f916\index-dir\the-real-index

Filesize
72B

MD5
c7ddbb65880b3696dd04de8b3c85d9bb

SHA1
66964cb5a4e2c6f2a07eaaff498567bca17e619f

SHA256
56f9a49927c2da786e50a0e07c51431a0a3c035bf379e6714bb1ec991b87b363

SHA512
28f9358727be2868f2344ffc1a5db0852cd6db0ab5fb9495b26ccbb81bfa0099ea7da865e02caa48d8a25a508bf2f409543ff081553c2150bb6ac9bea1cab1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\3b40ca74-f56a-4d2f-aadf-09d0f12c876a\index-dir\the-real-index

Filesize
72B

MD5
8cd2a90b043112309d285ab81f62a73a

SHA1
5479e406351f43bfd0c2dd48c8e67957b2015a33

SHA256
5fb89d2a2e5a9f1617d50bf18b99112a3f20db50dc724fb82ee01ed30766e0e3

SHA512
a5718e3c9663b21523c5e79d86f1595b12d14fc7df3d5d20276d04490727a5802eaa0d6255f5fbc9b2f01f39e54f47f09c656547393f54a49a69266f1f2da4b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\3b40ca74-f56a-4d2f-aadf-09d0f12c876a\index-dir\the-real-index~RFe582630.TMP

Filesize
48B

MD5
05a9aef188204780f291c3cfb65635b5

SHA1
44a13100e91204a4da0d8be0f378883cd9a7ea3f

SHA256
6fcfa8d63d9634b101602a518705b59ed6878b4443b79de3a10944aa05e5d1f2

SHA512
967598cbe919bce8b5591e22f55ef60e83fc5a6023398c1718a7852d70073f9b0073f342275035dbda8cc809cd5960d56393f5d7cb1d0fcaa7a7d2ee91186e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\548e3de4-5f7a-478f-be3d-50e211f1a149\index-dir\the-real-index

Filesize
2KB

MD5
ae362ea1b8579f361fc4f42ab1a7d669

SHA1
61fc0d51d5327f2a4d3ee98b677b3941e364bc4e

SHA256
d3fa9a13dc89fd12a2ef030fb43c5763bf7530193f10f4a8bc93bb739a3d9233

SHA512
674a121d07cf6dd759c3e539a5b80ace6b66a925aeb1e653d4804b7d6272723b7cd4cc35e483bf9d0f2450e00ac618779bed536e5033d70e1eb854dfd7ca4dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\548e3de4-5f7a-478f-be3d-50e211f1a149\index-dir\the-real-index

Filesize
1KB

MD5
89d8769cf51a830fa39191a4fcb6f72b

SHA1
703dced1d2035221942d8135e4cf6c72f680803d

SHA256
c4eeb491d46ba27159e4ddf5598d703f8c616e34183672fc01f0efa9c534e825

SHA512
00b79e6fd45034d618bca0ea1519e4a21a9cbcb03aa6ecb83c18e559f2436d76b87793ed24df4128987331029b5021ee02726e7e02692cfa27d2b59ccf843b72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\548e3de4-5f7a-478f-be3d-50e211f1a149\index-dir\the-real-index~RFe57a289.TMP

Filesize
1KB

MD5
57e3ca803b9e28294e7176202137078f

SHA1
36fdb3332296b872fba2fcc77b61dad5eec59876

SHA256
7776eb674545a2c33d44cea987107ad3fa5d5b56a6cbc984d1cb101d9cddac75

SHA512
416f73d8aeb200ea28f128380fce15d77d8d9934b4d867d6e18d7ee91a33062cf4eb2b764d435ca07e5dfe5e650e28ebd12ecab28d176c1efc65352c0e289b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c4b0b60c-a39b-49fd-bb22-9f6720f0e475\index-dir\the-real-index

Filesize
72B

MD5
85a85e9a38f9138fa72a795deacff758

SHA1
fc7f4ba1a903cb3c0179197e2112691acfbd1d77

SHA256
5a363e8f212f1330b479e0c4bf561cedd714d7b1a1af8b9525348b2de0fdae1e

SHA512
64247a495c9dbd0bb32afbffd719c2e01169dbe022e16bee597c7a76604ebb657fb6529986191945d6fe6fad4941cec601caeac5590810cbed8f577f7c74cf67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c4b0b60c-a39b-49fd-bb22-9f6720f0e475\index-dir\the-real-index

Filesize
72B

MD5
08d6d939151e612cd4b9c37563c0e0fd

SHA1
4f009cf4138655fee19afb74b0b04f10e6a6cb5d

SHA256
b3649f2384a59d31ae6b844767b5b46a8abed0adbe700973103c452e393d767f

SHA512
467b357bcfb6a7622b58d28bddbc103074df0ea2f93ffc8207c378e67bd61ff12d466d63febc3464047dc091c0278f77ee7db282fb35961ea63dd7fe7f95e8c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
045f2bbe711514ce43d5faf73aa00b7a

SHA1
ab2038b4b656ad7d4c13d30bd8557faf95f651a0

SHA256
8b24d01ccb08a5f526bf10258f336bedd28d431c47d1fee024715ec37fc3ab6d

SHA512
1bc251af4100baed77599c55c603161d7d88308b49415617ee8d845e593969d07847fd246361bcaae63ea44564a7763842397c5b6e6403d2e65181c24f172d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
a54f8fb32d5e7bb6a47216252a411e43

SHA1
c3cf840dbbf41e97910a359a78facb18df82345d

SHA256
ee401d9e865b21fe4646331be3029d2028bef590f6bb6da91d8f7cb42a0a1754

SHA512
817d51c9db233a3afaab6a6944dad4cfad6d22581de149b9f0e48fe8a3aaa2b509907994f8c030e1a4245f758877747c84ce884ae16960509398b154a345bf1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8dee9f6cbdaacf08f61faa93b87f6c0f

SHA1
9adcb0d868a1adc7a3d874dc443f24b1abf13379

SHA256
11a7da50029258bc176bcab8011157049d97138ae3a60a61b9a3a7ff733c69a7

SHA512
a564727bb44195a6a6a37f4aa07eb069284282131fc0e3930c9f49a687a28635c2eb617fddfe04049584624ebb295691b93d2aebb8855dd579882eb045baa774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c6f4eb7cf3e0dba99893f204a7a7be96

SHA1
5f49c01ea7e6b6e8570c9f2fe24cfb13693a36b0

SHA256
ca7f4fd0633fa6ae0c9e17fcac7d58ebc70355ded4bbcaebcfbdd306e0e30d8f

SHA512
2c6372eb2652635fa3f249da3e8bbfa27a4710fa0ef047878f82a081c42bbcc633999d652c891357f05092adb0a7184cccecbf0e8223bcbbd3b482e24ae1620d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f8f6.TMP

Filesize
48B

MD5
00b968dc93fbb13fa5385710f3fb1c57

SHA1
422af2941ae6519c8ad722b11d44c3ae63295472

SHA256
61cb2e36822e43840fa3307dae5fa5d7df97dbb721ac344559452c862ecb49e4

SHA512
557bc81bd2eb7fd0c86e7516ab5fe6941c3ed1ece10c63f6eaff6c7c6610bae92a6f7736e1a2eea4d1f00079d703f5655f6e804a59f97c05c4cd5ad650c1ff27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
7e6e352d1b2eab86542bbcb8319e37ba

SHA1
f363966b1a6186b570dcdecc7089f0af3fc85274

SHA256
909d758c3b68e98b6124bf0df931f6060e49469c117884e87d3d06e5ff0b3ed5

SHA512
a3c5319d9275d1b4f927b35eee53084566e66107fec6c7be917dda21f3abfe1435a52e840c8032553a1708ba9ea4da216dfa4b7482b1b5dd702222bfb0bb228c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\0be15175-8f9a-40a5-8a8f-512af843fb4a.tmp

Filesize
23KB

MD5
911a6230201eee5b0301891f1a1f194e

SHA1
1940955d42ce294beeb2d87018daa3bcaad350a1

SHA256
3f16bdec2290cd5331ce8f1b0fb8523e1dc781c351678ca984e9c1baa58ad1a7

SHA512
b69c4fee932bd9c172886569cd66b9e8bb10669c261ad8b6d1d8fd55e331ae6cf018a20042494a4e91c35f157d4882bc350341c57029ca9ee5ddc044951660fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
2af17775ef27dabff1ae5adfb3dd89cd

SHA1
c7aa81d807262f731bdf16922ea04542bb1c24e8

SHA256
abd6f43d0a5380a85d1c55e1dc7d4f1c74d4d6503aefaadc8d61612a09d7bc79

SHA512
3e8f66ceaa2c39f0ab612febcb30ef4bace11b4595d7e3b4cb5b9b8542c06f5ea74e34181fc16d66155a044b7af39474cf91bdc479b2bfde835703f8c998709c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
58ccdeda06e5f0f40714269db4c4a1af

SHA1
400624273bfd3f8d8e3962f34aefc145318b2114

SHA256
9eeddf1de3a660ba6d934a78f0f2a0b886920fb7924232bc1c6f6e758a5a4a28

SHA512
532556516202171d0655f09eeb3a9bdc1b2b280a79359661c067170b1cc297d8ea0b52ea629b1db1142a956e2d8e526ccdca406a326dbb9d2e0d5b2003b47527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
1e2c5a718922200fdb56af3f4c1fd13f

SHA1
cfeb0cc3dce9f563ed87890f28e6f45f8c78ceab

SHA256
241f27e1b2761fa85b2084c5ceed45040b8aaa242d50b2603184bbbaad605da7

SHA512
834d005d31f5903719fa519e843cfba2885ef414d098adb74daffbf152596003570437765a1f9497c42cdf478447f8f1e2f94f83d92db3e79ad1b489980ec2d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
9e31d813f3b8437b99d92aad0eb80a9f

SHA1
5b3cf18f54aa22e7425b49b2ee1e416788360d51

SHA256
fd90d7a10d2167084ccf83321f48ca113f86605689e25a6275a14df4eeacfb7b

SHA512
0839b8a264d36db42e3cc0c38527ad3ad6bd832d7aa7a654c89e6f796391e6184ba104e3214782783d2da1f3770931f9ffb6b3c272ec7af3c8631dc7c1484b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
f458ad6790cf04b3da8a7d44c12be4c8

SHA1
d9ceda9c2cce5053482c704183283af80f1dc34a

SHA256
e87968a1919242a471481f12c7439d29e1a4f88c86ccd24172810fddd8b16fe9

SHA512
7739aa8833dd1312cb230d31a1490e44a7acb1868728789c20a03dfc8e420fc82660c00cb8af79e3031291437b7d9f1d9a36b43d6659af81cedc404533688b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
06998c71199330816eb6089ffe5ef17d

SHA1
590c7ac902ae945542facc6e138bc047c12e1692

SHA256
a1ee6837a5ced3e0e51a47d4a2102277ed422579882ab507f4dd7a737832c56f

SHA512
c7047232bb3c1451668d443d586e7212d113b4c23ffe4292d19b1cbb3451b24db51ef8c60c6670688a38c313132428974c304d3a4439d308465663e5b3f4ea3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe5806e1.TMP

Filesize
392B

MD5
c785192a4affced8b269bd693ed55b70

SHA1
8bc1e5ed4cc09297ad14652b84b56cdd060930a2

SHA256
7b217e9797821e225c45e036437454ecd44c431b42edf058d691bbadb521b849

SHA512
d5332b58ae817d04b4c847751034d3efc03e42534f368ebd86163e9448ea5bf456eac2d07a3769437bf76d6850915aecea5dae85011964c92ee77c185b543da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
3681c3e503ab6ed6f3ec12786c13f2bb

SHA1
42a1788eb7287913ee5fde808e6bebaa2628e722

SHA256
523b07076082a6de8f97c75659219584d61c6a2ba42e0be4dd0e6e76715e5580

SHA512
d61dd8f8ff1bf1a1639b93c69acef6eb0262322fffc88ab87608130559f1eb07f7e3240eab35c5a6cf004f69fa107ad674570eb1a1d91b22b20b31eea5e7010b

Download Submit